Global Protect Agent: Incorrect privilege assignment allows local privilege escalation
CVE-2020-1989

7HIGH

Key Information:

Vendor: Palo Alto Networks
Status: Global Protect Agent
Vendor: CVE Published:; 8 April 2020

Summary

An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1.

Affected Version(s)

Global Protect Agent Linux ARM 5.0 < 5.0.8

Global Protect Agent Linux ARM 5.1 < 5.1.1

References

https://security.paloaltonetworks.com/CVE-2020-1989

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2020
Vulnerability Reserved
Dec 4, 2019